← GlobalSign nv-sa cases
Bugzilla #1599788
Certificate Problem Report
GlobalSign: Failure to revoke noncompliant ICA within 7 days
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign faced an issue where 25 intermediate certificates were not revoked within the required 7-day period as specified by the Baseline Requirements (BR). These certificates were not included in audit reports and were not intended for issuing TLS certificates. GlobalSign acknowledged the compliance issue and has initiated steps to revoke the certificates while ensuring that customer migration is managed to avoid disruptions. The case has been resolved with a commitment to improve future compliance.
Chronology
- GlobalSign identified 30 ICA certificates missing during CCADB review.
- Incident report submitted regarding failure to revoke 25 ICAs.
- GlobalSign generated next generation of roots to separate different certificate use cases.
- Remediation confirmed complete by external reviewer.
Participants
Arvid Vermote
Ryan Sleevi
W. Thayer
External References
Similar Local Cases
GlobalSign: Untimely revocation of TLS certificate after submission of private key compromise
GlobalSign: Failure to revoke noncompliant ICA within 7 days
GlobalSign: Failure to revoke noncompliant certificates within 5 days
GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report
GlobalSign: Incorrect OCSP Delegated Responder Certificate
GlobalSign: Invalid stateOrProvinceName and locality pair
GlobalSign: Invalid stateOrProvinceName value
GlobalSign: IP in dnsName